When you say "limit users from sending bulk emails" are you trying to set a max number of recipients an email can contain?

Originally Posted by mmorse

Can't from the admin console GUI, but you can via postfix CLI:

smtpd_recipient_limit (default 1000) parameter controls how many recipients the SMTP server will take per message delivery request.
-You can't restrict this to a to/cc/bcc field - it's all recipients. For that you'd have to use a regular expression in header_checks to arbitrarily limit the length of each header to something reasonable. (We could do this in the web-client though if someone wants to open an RFE in bugzilla.)

smtpd_recipient_overshoot_limit (default 1000) - The number of recipients that a remote SMTP client can send in excess of the hard limit specified with smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient. "Postfix will 4xx the 'overshoot' addresses so a sending MTA can try them again later."

Then see the smtpd_hard_error_limit (default 20) parameter to know at what number of errors it will disconnect.

So you technically need to consider like 3 values here - which affect both inbound & outbound mail.

(I've heard of an smtpd_extra_recipient_limit but I've never used it / might just be for in queues.)

Then there's the throttling tools:

smtpd_client_recipient_rate_limit (default: 0 no limit) - The maximum number of recipient addresses that an SMTP client may specify in the time interval specified via anvil_rate_time_unit (default: 60s -careful adjusting this affects other things)" and note that this is "regardless of whether or not Postfix actually accepts those recipients" Those over will receive a 450 4.7.1 Error: too many recipients from [the.client.ip.address] It's up to the client to deliver those recipients at some later time.

It may prove prudent to also adjust:smtpd_client_connection_rate_limit (default: 0)- The maximal number of connection attempts any client is allowed to make to this service per time unit. The time unit is specified with the anvil_rate_time_unit configuration parameter.smtpd_client_message_rate_limit (default: 0) - The maximal number of message delivery requests that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. The time unit is specified with the anvil_rate_time_unit configuration parameter.

The purpose of these features are to limit abuse, as opposed to regulating legitimate mail traffic, but some use them that way.

There's also Policyd which can do sender-(envelope, SASL, or host / ip)-based throttling on messages and/or volume per defined time unit, plus recipient rate limiting. http://www.policyd.org

To adjust:

su - zimbra
postconf -e 'smtpd_recipient_limit = 1000'

To apply settings:

postfix reload

To check current settings:

postconf | grep smtpd_recipient_limit

Note: When your looking this up, smtpd_recipient_limit is not to be confused with default_destination_recipient_limit parameter, which controls how many recipients a Postfix delivery agent will send with each copy of an email message. If an email message exceeds that value, the Postfix queue manager breaks up the list of recipients into smaller lists. Postfix will attempt to send multiple copies of the message in parallel. So that really isn't limiting the number of addresses, it just breaks it into chunks for other servers to accept easier.

hi mike, thanks for the informative reply.
I was actually worried about mass-mailing spammers. But I guess those should be dealt with at the IP level -- if someone abuses the server, their IP gets blacklisted in the firewall.